Privacy Policy

1. General Information

1.1. Who we are: This Privacy Policy explains how UAB "Greatness" (company code 306027320, hereinafter “Company”, “we”, “us”, or “our”) handles your Personal Data when you visit our website, use the Roots & Remedies mobile application (the "App") or natural remedies recipe books (collectively the "Services"), or contact us via email or social media.

1.2. If you purchase multiple products from us, the privacy policies of those specific products also apply. In the event of a conflict, the product-specific policy takes precedence.

1.3. Definition of Personal Data: Personal Data refers to any information relating to an identified or identifiable natural person (e.g., name, email, health data). We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable laws.

1.4. Contact: For privacy inquiries, please contact our Data Protection Officer at [email protected].

2. Principles of Data Processing

2.1. We adhere to the following principles when processing your data: Lawfulness, fairness, and transparency: We process data legally and openly. Purpose limitation: We only collect data for specific, legitimate purposes. Data minimization: We only collect what is necessary. Accuracy: We keep data up to date. Storage limitation: We do not keep data longer than needed. Integrity and confidentiality: We use technical measures to protect against unauthorized access or loss.

3. Personal Data We Collect & How We Use It

We process data for the following purposes and legal grounds:

3.1. Personalized Wellness Plans: Data: Quiz answers (which may include sensitive health data, age, height, weight, wellness goals). Purpose: To offer a personalized natural remedy or meal plan. Legal Basis: Your Consent. Retention: 2 years from your last activity or until consent is withdrawn.

3.2. Subscriptions & Service Provision: Data: Name, email, phone number, purchase history, payment details (processed by third parties). Purpose: To provide the Services (App access, Recipe Book delivery) and manage transactions. Legal Basis: Performance of a Contract. Retention: 5 years following the end of services (or longer for tax/accounting laws).

3.3. Newsletters & Marketing: Data: Email address, purchase history. Purpose: To send relevant updates, offers, and content. Legal Basis: Consent or Legitimate Interest (for existing customers). Retention: 2 years, or until you opt-out/unsubscribe.

3.4. Customer Support: Data: Email, message content, metadata, account details. Purpose: To resolve inquiries and disputes. Legal Basis: Consent or Legitimate Interest. Retention: 3 years, unless required longer for legal disputes.

3.5. AI-Powered Support & Features: 3.5.1. We utilize third-party Artificial Intelligence (AI) tools to automate customer support and provide in-app recommendations. 3.5.2. By contacting support or using the App's AI features, you acknowledge that health-related information (e.g., symptoms, wellness goals) may be processed by AI to generate answers. 3.5.3. We ensure third-party AI providers adhere to strict data protection standards (including Standard Contractual Clauses for transfers outside the EEA). 3.5.4. Automated decision-making (e.g., for refunds) may occur. You have the right to request human intervention for these decisions.

3.6. Social Media Administration: Data: Profile name, photo, interactions (likes/comments) on our social media (Facebook, Instagram, TikTok, etc.). Legal Basis: Consent or Legitimate Interest.

3.7. App Functionality & Analytics: Data: IP address, device type, OS, location (if shared), usage patterns (clicks, views). Purpose: To improve the App and Website security and functionality. Legal Basis: Consent (Cookies) or Legitimate Interest.

3.8. Apple Refund Data: If you request a refund through Apple, we may share data regarding your content consumption with Apple to validate the request.

3.9. Third-Party Login: If you sign in via Google, Apple, or Facebook, we collect limited info (email, token) to create your account. We do not control these third parties; please review their privacy policies.

4. Data Retention

4.1. Data is not kept longer than necessary for the specific purpose.

4.2. We may anonymize data (making it non-identifiable) for research, statistics, or service improvement. Anonymized data may be used without restriction.

4.3. We may retain data longer if required by law (e.g., tax obligations) or for legal defense.

5. Data Sharing & Recipients

We may share your data with: Group Companies: For internal administration and service integration. Service Providers: IT, email services, marketing agencies, and AI providers (e.g., OpenAI). Payment Processors: We do not store full credit card numbers. Payments are handled by third-party processors. Professional Advisers: Lawyers, auditors, insurers (for risk management). Legal Authorities: If required by law or to protect our rights. International Transfers: If data is transferred outside the EEA, we use Standard Contractual Clauses to ensure protection.

6. Direct Marketing

6.1. We may contact you via email or phone (SMS) regarding products, offers, or campaigns.

6.2. Opt-Out: You may opt out at any time by clicking the "unsubscribe" link in emails or contacting [email protected].

6.3. Opting out of marketing does not stop transactional emails (e.g., receipts, password resets).

7. AI Tools Specifics

7.1. The App uses AI to provide insights on nutrition, wellness, and natural remedies based on your inputs.

7.2. No Medical Advice: The AI does not provide medical diagnoses.

7.3. Data Processing: AI tools may process both personal and non-personal data to improve the relevance of recommendations.

7.4. Third Parties: Data interacted with via the in-app assistant may be processed by providers like OpenAI, subject to strict confidentiality.

8. Security

8.1. We use technical and organizational measures (access controls, encryption, training) to protect your data.

8.2. While we strive for maximum security, no internet transmission is 100% secure.

9. Your Rights

Under the GDPR and other laws, you have the right to: Be Informed: Know how we use your data. Access: Request a copy of your data. Rectification: Correct inaccurate data. Erasure: Request deletion of data (subject to legal exceptions). Restriction: Limit how we process your data. Object: Object to processing based on legitimate interest or for direct marketing. Data Portability: Receive your data in a machine-readable format. Withdraw Consent: At any time (where processing is based on consent). Complain: Lodge a complaint with a supervisory authority (e.g., State Data Protection Inspectorate in Lithuania). To exercise these rights, contact [email protected]. We will verify your identity before proceeding.

10. Third-Party Websites

Our Services may contain links to partner websites. We are not responsible for their privacy policies. Please review them before submitting data.

11. Children

Our Services are targeted at individuals over 18. We do not knowingly collect data from minors. If we discover such data, we will delete it.

12. California Privacy Rights (CCPA)

12.1. No Sale of Data: We do not knowingly sell personal information. If this changes, we will provide an opt-out.

12.2. Non-Discrimination: You will not be discriminated against for exercising your privacy rights.

12.3. Do Not Track: We do not currently respond to browser-initiated "Do Not Track" signals.

13. Data Scraping

Automated data collection (scraping) from our Website or App is strictly prohibited without written consent.

14. Changes to Policy

We may update this Privacy Policy at any time. Material changes will be communicated via email or the Website. The English version of this policy prevails in case of translation discrepancies.

15. Contact Us

If you have questions or wish to exercise your rights, please contact us at: Email: [email protected]